This action is in response to the communication filed on 04/26/2001.

DETAILED ACTION 

1. Claims 1-50 have been examined.

Title 

2. The title of the invention is acceptable. 

Priority 

3. The application has been filed under Title 35 U.S.C. § 119(e), claiming priority to
Provisional application 60/199,984, filed 04/27/2000. 

4. Applicant's claim for domestic priority under 35 U.S.C. 119(e) is acknowledged.
However, the provisional application upon which priority is claimed fails to provide 
adequate support under 35 U.S.C. 112 for claims 1, 16, 34 and 49 of this application. 
Provisional application 60/199,984 does not discuss the internal makeup of the 
managed security server, such as a memory for storing at least one address, or a 
processor for configuring the network. The provisional also fails to mention the use of
IKE or the exchange of IKE configuration information and therefore is not enabling for 
these claims. Therefore the claim to priority of this provisional application is not 
granted. 

5. The effective filing date for the subject matter defined in the pending claims in 
this application is 04/26/2001.

Information Disclosure Statement

6. The information disclosure statement (IDS) submitted on 08/06/2001 is in 
compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is
considering the information disclosure statement. 

7. The listing of references in the specification is not a proper information disclosure 
statement. 37 CFR 1.98(b) requires a list of all patents, publications, or other
information submitted for consideration by the Office, and MPEP § 609 A(1) states, "the
list may not be incorporated into the specification but must be submitted in a separate 
paper." Therefore, unless the references have been cited by the examiner on form 
PTO-892, they have not been considered. 

Drawings 

8. The drawings filed on 09/27/2001 are objected to for the following reasons. 
Figure 4, as described on page 7 of the specification, is "a typical network configuration" 
of the prior art and therefore must be labeled as "Prior Art". Figures 5 and 6 also only 
show that which is old, as described on pages 12-13 of the specification, and therefore 
must also be labeled prior art. 

Corrected drawing sheets are required in reply to the Office action to avoid 
abandonment of the application. The replacement sheet(s) should be labeled 
"Replacement Sheet" in the page header (as per 37 CFR 1.84(c)) so as not to obstruct
any portion of the drawing figures. If the changes are not accepted by the examiner, the 
applicant will be notified and informed of any required corrective action in the next Office 
action. The objection to the drawings will not be held in abeyance.

Specification

9. The disclosure is objected to because the Brief Description of the Drawings does 
not properly describe Figures 1-6, as required by 37 C.F.R. 1.74. More specifically the
Brief description should label these figures as prior art because only that which is old is 
shown. Appropriate correction is required. See MPEP § 608.01(f). 

10. The disclosure is objected to because it contains an embedded hyperlink and/or 
other form of browser-executable code. Applicant is required to delete the embedded 
hyperlink and/or other form of browser-executable code. See MPEP § 608.01.

Claim Objections 

11. The applicant is reminded that a series of singular dependent claims is
permissible in which a dependent claim refers to a preceding claim which, in turn, refers 
to another preceding claim. 

A claim which depends from a dependent claim should not be separated by any 
claim which does not also depend from said dependent claim. It should be kept in mind 
that a dependent claim may refer to any preceding independent claim. In general, 
applicant's sequence will not be changed. See MPEP § 608.01(n).

12. Claims 1-34, and 50 are objected to due to the use of parenthesized letters to 
distinguish between claim limitations. This is not consistent with the preferred claim 
form set out in 37 CFR 1.75(i) where a parenthesized letter would be a reference
character to an element set forth in the detailed description of the invention. Correction
is required. See MPEP § 608.01(m).

Claim Rejections - 35 USC §112

13. Claims 6-10, and 12-16, are rejected under 35 U.S.C. 112, second paragraph, as
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

14. Claims 6 and 13 recite the limitation "the input" in line 2. There is insufficient 
antecedent basis for this limitation in the claim. 

15. Claim 9 recites the limitation "the second input" in line 2. There is insufficient 
antecedent basis for this limitation in the claim. 

16. Claims 12 and 14-16 recite the limitation "the output" in line 2. There is 
insufficient antecedent basis for this limitation in the claim. 

17. Any claim not specifically mentioned is rejected by virtue of its dependency to
one of the above claims. 

Claim Rejections - 35 USC § 102

18. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under 
section 122(b), by another filed in the United States before the invention by the 
applicant for patent or (2) a patent granted on an application for patent by 
another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application 
filed in the United States only if the international application designated the 
United States and was published under Article 21(2) of such treaty in the English 
language. 

19. Claims 1-14, 17-32, 35-47, and 50 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Hoke et al. (U.S. Patent Number 6,701,437), hereinafter referred to as 
Hoke.

20. Claim 1 recites a Managed Security Server for use in a Secure Segment
Communications Network, the Managed Security Server (Element 115) comprising: a
memory to store an address of at least one secure gateway device (Element 115),
wherein said secure gateway device is a member of the Secure Segment 
Communications Network (See Hoke Col. 14 Paragraph 4 and Figures 1 and 6); and a 
processor (Element 600) for configuring said Secure Segment Communications 
Network by configuring the at least one secure gateway device (See Hoke Col. 14 
Paragraph 2-4). 

21. Claim 2 recites that the Managed Security Server is a secure gateway device
(See Hoke Element 115 and Figure 6 Elements 614 and 616). 

22. Claim 3 recites that the memory stores a static public IP address, wherein the 
static public IP address is assigned to the Managed Security Server (See Hoke Col. 16 
paragraph 2). 

23. Claim 4 recites that the at least one secure gateway device, the secure gateway 
device has a memory containing the static public IP address of the Managed Security 
Server (See Hoke Col. 16 paragraph 2 wherein the secure gateway device and the 
Managed Security Server are both Element 115). 

24. Claim 5 recites that the address of the at least one secure gateway device is 
dynamically assigned (See Hoke Col. 16 paragraph 2). 

25. Claim 6 recites the input is additionally configured to receive a request for an 
address of a destination node, wherein the destination node is a part of said Secure 
Segment Communications Network (See Hoke Figure 3).

26. Claim 7 recites that the request is tunneled and encrypted (See Hoke Figure 3
Steps 340 and 350). 

27. Claim 8 recites that the request is further comprised of an IP packet (Element 
230), wherein the IP packet has the virtual IP address in a IP address field (Element 
232) and a public IP address encoded as a hardware address in a hardware address 
field (Element 212) (See Hoke Figure 2 and Col. 9 paragraphs 2-6). 

28. Claim 9 recites an output configured to receive the request for an address from 
the second input, and to transmit the request for an address to the destination node 
(See Hoke Figure 3 Step 360). 

29. Claim 10 recites that the destination node responds to the forwarded request for 
an address with an address response (See Hoke Figure 5). 

30. Claim 11 recites that a communication from a local area network to a second
local area network is transferred through a wide area network by the at least one secure 
gateway devices through a tunnel (See Hoke Figures 3-4 and Figure 1 Element 100). 

31. Claim 12 recites that the output is also configured to output tunnel configuration
information to the at least one secure gateway device (See Hoke Fig. 3 Steps 350 and 
360). 

32. Claim 13 recites that the input is additionally configured to receive a transmission 
of data intended for a destination node (See Fig. 3 Steps 310 and 330). 

33. Claim 14 recites that the output is additionally configured to transmit the 
transmission of data to a secure gateway device that corresponds to the destination 
node (See Fig. 3 Step 360 and Fig. 4 Steps 400, 410, and 430).

34. Claim 17 recites a method of managing a Secure Segment Communications
Network, wherein the Secure Segment Communications Network is further comprised of 
a plurality of secure gateway devices (See Hoke Fig. 1 Elements 115, 125, 135, 145, 
155, and 160), the method comprising the steps of: connecting the plurality of secure 
gateway devices to a communications network (See Hoke Fig. 1); and designating one 
of the plurality of secure gateway devices to be a Managed Security Server wherein the 
Managed Security Server configures the Secure Segment Communications Network 
(See Hoke Figure 1 Element 160 and Col. 7 Paragraph 2 and Col. 16 Paragraph 3). 

35. Claim 18 recites configuring the Secure Segment Communications Network at a 
second Managed Security Server secure gateway (See Hoke Col. 7 Paragraph 2). 

36. Claim 19 recites assigning each secure gateway device of the plurality of secure 
gateway devices an address that is independent of any other address on the network. 
Hoke disclosed that the VPN units each has an IP address in order to receive VPN 
packets for its private network (See Hoke Col. 3 Paragraph 6). It was inherent that the 
addresses were independent of each other in order for proper packet routing through the
Internet. 

37. Claims 20 and 21 recite assigning the Managed Security Server a static public IP 
address and storing, at each secure gateway device of the plurality of secure gateway 
devices, the static public IP address of the Managed Security Server. (See Hoke Col. 16 
Paragraph 3 Line 8 and Col. 14 Paragraph 6 Lines 4-9 wherein it was inherent that the 
"route" contained the specific IP address of the Management station in order to 
communicate with the station).

38. Claim 22 recites dynamically assigning the address (See Hoke Col. 16
Paragraph 2 wherein the manager supports both static and dynamic addressing). 

39. Claim 23 recites opening a registration channel from each of the secure gateway 
devices of the plurality of gateway devices to the Managed Security Server; and 
conveying the dynamically assigned address to the Managed Security Server (See 
Hoke Col. 16 Paragraphs 3-5). 

40. Claim 24 recites sending a request for an address of a destination node from a 
source node to the Managed Security Server, wherein the destination node is a part of 
said Secure Segment Communications Network (See Hoke Fig. 8). 

41. Claim 25 recites that the request is tunneled and encrypted (See Hoke Col. 3
Paragraph 6). 

42. Claim 26 recites that the request is further comprised of an IP packet wherein the 
IP packet has the virtual IP address in a IP address field and a public IP address 
encoded as a hardware address in a hardware address field (See rejection of claim 8 
above). 

43. Claim 27 recites forwarding the request for an address of a destination node of 
step (g) from the Managed Security Server to the destination node (See Hoke Col. 13 
Paragraph 4). 

44. Claim 28 recites responding to the forwarded request for an address at the 
destination node with an address response (See Hoke Col. 13 Paragraphs 5-6). 

45. Claim 29 is rejected for the same reasons as claim 11 above.



Application/Control Number: 09/843,605 Page 10 

Art Unit: 2131 

46. Claim 30 recites providing tunnel configuration information from the Managed 
Security Server to the plurality of secure gateway devices (See Hoke Col. 16 Paragraph 
3). 

47. Claims 31 and 32 recite receiving at the Managed Security Server a transmission 
of data intended for a destination node and transmitting from the Managed Security 
Server the transmission of data to a secure gateway device of the plurality of secure 
gateway devices that corresponds to the destination node (See Fig. 3 and Fig 4). 

48. Claim 35 recites a first output configured to output a request for an address to a 
destination node to a Managed Security Server (See Hoke Col. 16 Paragraph 3 request 
to edit a lookup table); an input to receive an address from the Managed Security 
Server in response to the request for an address to a destination node (See Hoke Col. 
16 Paragraph 5); and a second output configured to output data to a destination node 
according to the received address (See Hoke Fig. 3). 

49. Claim 36 recites that the Secure Segment Communications Network is 
configured by a second Managed Security Server in the event the Managed Security 
Server fails (See Hoke Col. 7 Paragraph 2). 

50. Claims 37-41 are rejected for the same reasons as claims 19-23 above. 

51. Claims 42-47 are rejected for the same reasons as claims 25-30 above.

52. Claim 50 recites connecting the plurality of secure gateway devices to a 
communications network (See Hoke Fig. 1); designating one of the plurality of secure 
gateway devices to be a Managed Security Server, wherein the Managed Security 
Server configures the Secure Segment Communications Network (See rejection of
claim 17 above); tunneling a broadcast or multicast transmission as a uni-cast
transmission on a Internet to at least one secure gateway device with a known address, 
including the Managed Security Server (See Hoke Col. 13 Paragraph 2 and Fig. 3); and 
transmitting said broadcast or multicast transmission from the Managed Security Server 
to a plurality of secure gateway devices with dynamically assigned addresses (See 
Hoke Col. 13 Paragraph 2 and Col. 16 Paragraph 2).



Claim Rejections - 35 USC § 103 

53. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 

54. Claims 15-16, 33-34, and 48-49 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Hoke as applied to claim 1 above, and further in view of Kent et al. 
("Security Architecture for the Internet Protocol") hereinafter referred to as Kent. 

Hoke disclosed communication between two gateways over the Internet (See 
Fig. 3 Step 360), but Hoke failed to disclose the specific security protocols used in the 
communications. 

Kent teaches that IPsec can be used for providing transport security at the IP 
layer (See Kent Page 2 Paragraph 1).

It would have been obvious to the ordinary person skilled in the art at the time of
invention to employ the teachings of Kent in the invention of Hoke in order to provide 
security to the packets sent out over the public network or Internet. This would have 
been obvious because the ordinary person skilled in the art would have been motivated 
to make the Virtual Private Network of Hoke virtual and private through the use of 
IPsec's payload encapsulation, cryptography, and authentication. 

55. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over the 
combination of Hoke and Kent. Kent disclosed that the default automated key 
exchange for IPsec was through the use of IKE, which required the exchange of IKE 
information (See Kent Section 4.6.2). 

56. Claims 33 and 34 are rejected for the same reasons as claims 15 and 16 above. 

57. Claims 48 and 49 are rejected for the same reasons as claims 15 and 16 above.

Conclusion

58. Claims 1-50 have been rejected. 

59. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Friedman et al. (U.S. Patent Number 5,757,924) disclosed a gateway 
security device for encrypting all external communications. 

b. Arrow et al. (U.S. Patent Number 6,154,839) disclosed an address 
translation unit for use with a Virtual Private Network Manager. 

c. Gilbrech (U.S. Patent Number 6,173,399) disclosed a system for 
implementing Virtual Private Networks. 

d. Arrow et al. (U.S. Patent Number 6,226,751) disclosed a Virtual Private
management System. 



60. Please direct all inquiries concerning this communication to Matthew Henning 
whose telephone number is (703) 305-0713. The examiner can normally be reached 
Monday-Friday from 9am to 4pm, EST. 

If attempts to reach examiner by telephone are unsuccessful, the examiner's 
acting supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The fax phone 
number for this group is (703) 305-3718.

Any inquiry of general nature or relating to the status of this application or
proceeding should be directed to the Group receptionist whose telephone number is 
(703) 305-3900.